Category: SC

Update - Complying With the South Carolina Insurance Data Security Act

2/20/2019

Update

On January 1, 2019, parts of the South Carolina Insurance Data Security Act (SCIDSA) became effective. Over the next 17 months, other key parts of the SCIDSA will be phased in until the act is fully in effect on July1, 2020.
Let’s review who the SCIDSA applies to and what requirements are active now and when the other requirements will be phased in.

0 Comments

Talk Layered Security to Me

2/13/2019

0 Comments

One of the amazing questions I received this week was about layered security. “What does that look like Micheal?” This week I’ll break down common ways for small businesses to implement multiple levels of security into their business networks to stop the cyber bad guys.

0 Comments

What are the steps to a HIPAA compliant program?

12/19/2018

0 Comments

A HIPAA compliance program looks different from one organization to the next, depending on their specific needs. Although varied, each program goes through a similar cycle that I will outline in this week’s blog. Keep in mind, the cycle typically repeats on a yearly schedule as mandated by HIPAA.

0 Comments

Who enforces cyber security for healthcare?

11/28/2018

0 Comments

The assumed answer is HIPAA. To clarify, HIPAA is an act and not a governing body of any sort. HIPAA’s rules and regulations are enforced by the U.S. Department of Health & Human Services (HHS) and their Office for Civil Rights (OCR). Besides Attorney Generals, other entities cannot enforce HIPAA, it acts as a standard for the healthcare industry and is used as a measuring stick for due diligence.

0 Comments

IDSA - Bulletin 2018-09

9/6/2018

0 Comments

Today, the South Carolina Department of Insurance released Bulletin 2018-09 Cybersecurity Event Reporting Form. Why should you read it? This bulletin focuses on how the Department of Insurance defines a reportable cybersecurity event and the notification procedures. The three main take aways from the bulletin are:

Encrypting data can prevent an Insurance licensee from declaring a cybersecurity event.
Loss of paper documents does not constitute a cybersecurity event.
Licensees have 72 hours to notify DOI of a cyber security event, unless they are considered a “non-domicile entity”.

If you are a South Carolina licensee who falls under the provisions of the Information Data Security Act, Tandem Cyber Solutions can help you with the required security assessments and develop a comprehensive Information Security strategy to meet regulatory obligations and protect your client’s data.

Follow this link to view the latest bulletin from the DOI. For your convenience we have attached both the bulletin and the updated event report form below. You may also want to review previous blogs about the IDSA and how you too can sign up for IDSA update notices from the DOI.

If you have any questions on SC Insurance Data Security Act compliance, Call Tandem Cyber Solutions today!

(843)309-3508